Windows' big bug watcher

A self-taught man Vital stats 50 most powerful people in networking

NTBugtraq, the Internet equivalent of a watering hole, is a forum for swapping information on suspected bugs in Microsoft products or getting an early warning about computer worms. Now entering its sixth year, NTBugtraq has become the mailing list for IT managers and vendors who need to read the latest dispatches from the Microsoft security warfront.

"It's very much considered the No. 1 channel for contributing and looking for new updates and information on vulnerabilities," says Firas Raouf, COO at eEye Digital Security, a maker of scanning products. "NTBugtraq is a very critical, fundamental and helpful tool in facilitating the concept of full disclosure on vulnerabilities as they emerge."

If NTBugtraq seems free of the kind of wild-eyed ranting that might afflict any public list about Microsoft, it's because NTBugtraq's founder and moderator, Russ Cooper, is picky about what gets posted on it.

"It has to pass the sniff test," notes Cooper, a Lindsay, Ontario, resident who lives in a countryside house that - in addition to his family, four dogs and a cat - holds a dozen PCs and servers loaded with Microsoft software and testing tools. A 100-mile T-1 line connects Cooper's wilderness outpost to the ISP UUNet in Toronto. The pulsing heart of NTBugtraq is a Chicago-based list-mail server - donated by software vendor L-Soft - that handles mail distribution for about 31,000 NTBugtraq subscribers.

About three-quarters of the messages Cooper gets don't get posted because they fail to "stay on track and to the point," he says. But he does answer a lot of this mail on his own. "If someone says, 'I just discovered a new vulnerability,' well, I'll try to test it first. If the claim looks reasonable, I'll accept it at face value," he adds.

Disclosing Microsoft software vulnerabilities is "a touchy subject," Raouf points out. "Russ is doing a tremendous job in maintaining a level of neutrality."

Cooper's enduring reputation for fair-handedness is all the more remarkable considering risk management vendor TruSecure has owned NTBugtraq since buying the list from him three years ago, for an undisclosed sum. Cooper is now officially TruSecure's "surgeon general" - a title he picked himself, recalling a news story published four years ago that said his work at NTBugtraq made him seem like the "surgeon general of the Internet."

The reliability of the information on NTBugtraq is what has people reading it with more than passing interest.

"I find NTBugtraq to be very helpful because it alerts me to issues people are having with Microsoft applications," says Richard Bell, IT director in the office of the Arkansas Secretary of State in Little Rock. "I can get feedback on some of the corrections Microsoft makes. NTBugtraq has also become a good tool about virus attacks and Trojans."

Cooper says in the ideal scenario no one would release newfound information about software flaws - because they are routinely exploited by virus writers and attackers - until Microsoft has a patch ready to correct them. Over the years, that conviction has at times led Cooper to play the broker between security researchers who uncover the problems and Microsoft. While Cooper spices his mailing list with his own advice, he acknowledges the power of NTBugtraq lies with experts such as Jeremy Allison, Juan Carlos Cuartango, David LeBlanc, David Litchfield and Eric Schultze, who have posted their security research on it over the years.